[Webinar] Streamline your web hosting managementRegister Today

x
?
Solved

ISA, sharepoint and ftp - Forms Based Authentication questions

Posted on 2009-03-30
7
Medium Priority
?
919 Views
Last Modified: 2013-12-04
My company currently has a sharpoint site that is accessed by both internal employees and external clients.  We have created AD accounts for the external people.  We are in the process of setting up and FTP site also that will need the same access.  I am beginning to look into FBA (forms based authentication) so the external users do not need to have accounts created in our active directory.  Would ISA be a good canidate to help me accomplish a cleaner setup of this system?  I am trying to see if this should be an avenue I should look at in order to allow external clients a way to authenticate to our sharepoint and FTP through some central console and allow them access to their info and also allow my internal users a way to securly access these same systems when out of the office?

Thanks for any help.
0
Comment
Question by:martin2478
  • 4
  • 3
7 Comments
 
LVL 51

Expert Comment

by:Keith Alabaster
ID: 24021197
Maybe and maybe not. ISA is a great tool but you sound as though you are moving to the next level here. Have a look at the IAG Server - ISA's sister product in the Forefront: Edge portfolio.

http://www.microsoft.com/forefront/en/us/default.aspx
0
 

Author Comment

by:martin2478
ID: 24021634
Thanks for the response.  I will look more into IAG but it was the forms based authentication that is mentioned in ISA that I am interested in.  Right now I have sharepoint , ftp , and web outlook setup for remote use.  I am really looking for a clean way to authenticate people outside of our company and tie that into them being able to access our ftp and sharepoint sites with the same usernames and passwords without me having to create the accounts in my active directory.

I amy be looking at the wrong app but any more tips would be great.

0
 
LVL 51

Expert Comment

by:Keith Alabaster
ID: 24022807
Understood. But ISA is not a repository. Where are you going to store the account details of external users - I assume an internal SQL server or something?

We used a separate AD in the DMZ and then used identity Lifecycle Manager (ILS) to do all of this with IAG on the outside and ISA on the inside. Have you reviewed the creating the extranet for Sharepoint guides?

That said, if you simply want a control point then yes, ISA will do it.
0
Evaluating UTMs? Here's what you need to know!

Evaluating a UTM appliance and vendor can prove to be an overwhelming exercise.  How can you make sure that you're getting the security that your organization needs without breaking the bank? Check out our UTM Buyer's Guide for more information on what you should be looking for!

 

Author Comment

by:martin2478
ID: 24023182
Thanks for the info.  I was planning on using SQL to house external user accounts.

Your setup seems like a secure setup and will have to look into something like that more.

I have not read the extranet for sharepoint guides, I believe I should start there before continuing the conversation to get a better grasp.  But before into reading does this mentality make any sense to you.

Have internal users have AD accounts.  External users use an FBA tied into a SQL database.  Use ISA as a portal for external users to authenticate with and then from there they will have access to our sharepoint and ftp site?

Thanks again for all of your help.  The fog seems to be clearing finally in my head.
0
 
LVL 51

Accepted Solution

by:
Keith Alabaster earned 2000 total points
ID: 24023254
your approach is fine - and often adopted. The part where many go wrong is to NOT think about where it might go in the future. For example, if you decide to open up the portal/self-service aspects then are you going to want to have to administrate all of that? the authentication? The authorisation? Small things in the early days but it can grow as the benefits are identified and you want to realise them.

Anyway, this is a useful place to start. For reference we use the split model.
With ISA2006
http://technet.microsoft.com/en-us/library/cc268368.aspx

Extranet
http://technet.microsoft.com/en-us/library/cc263513.aspx#section3
0
 

Author Closing Comment

by:martin2478
ID: 31564323
Thanks for all of your help.  This has me heading in the right direction now.
0
 
LVL 51

Expert Comment

by:Keith Alabaster
ID: 24043126
Thanks :)
0

Featured Post

SMB Security Just Got a Layer Stronger

WatchGuard acquires Percipient Networks to extend protection to the DNS layer, further increasing the value of Total Security Suite.  Learn more about what this means for you and how you can improve your security with WatchGuard today!

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

No security measures warrant 100% as a "silver bullet". The truth is we also cannot assume anything but a defensive and vigilance posture. Adopt no trust by default and reveal in assumption. Only assume anonymity or invisibility in the reverse. Safe…
When using a search centre, I'm going to show you how to configure Sharepoint's search to only return results from the current site collection. Very useful when using Office 365 with multiple site collections.
With just a little bit of  SQL and VBA, many doors open to cool things like synchronize a list box to display data relevant to other information on a form.  If you have never written code or looked at an SQL statement before, no problem! ...  give i…
Stellar Phoenix SQL Database Repair software easily fixes the suspect mode issue of SQL Server database. It is a simple process to bring the database from suspect mode to normal mode. Check out the video and fix the SQL database suspect mode problem.

591 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question